Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 10a7ef33 authored by David Miller's avatar David Miller Committed by Steffen Klassert
Browse files

ipsec: Fix dst leak in xfrm_bundle_create().



If we cannot find a suitable inner_mode value, we will leak
the currently allocated 'xdst'.

The fix is to make sure it is linked into the chain before
erroring out.

Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
Signed-off-by: default avatarSteffen Klassert <steffen.klassert@secunet.com>
parent c0576e39
Loading
Loading
Loading
Loading
+8 −8
Original line number Diff line number Diff line
@@ -1573,6 +1573,14 @@ static struct dst_entry *xfrm_bundle_create(struct xfrm_policy *policy,
			goto put_states;
		}

		if (!dst_prev)
			dst0 = dst1;
		else
			/* Ref count is taken during xfrm_alloc_dst()
			 * No need to do dst_clone() on dst1
			 */
			dst_prev->child = dst1;

		if (xfrm[i]->sel.family == AF_UNSPEC) {
			inner_mode = xfrm_ip2inner_mode(xfrm[i],
							xfrm_af2proto(family));
@@ -1584,14 +1592,6 @@ static struct dst_entry *xfrm_bundle_create(struct xfrm_policy *policy,
		} else
			inner_mode = xfrm[i]->inner_mode;

		if (!dst_prev)
			dst0 = dst1;
		else
			/* Ref count is taken during xfrm_alloc_dst()
			 * No need to do dst_clone() on dst1
			 */
			dst_prev->child = dst1;

		xdst->route = dst;
		dst_copy_metrics(dst1, dst);